Lucene search

MitreCVE-2001-0389

HistoryJul 02, 2001 - 4:00 a.m.

CVE-2001-0389

2001-07-0204:00:00

mitre

web.nvd.nist.gov

ibm websphere

netcommerce3 3.1.2

vulnerability

remote attack

server path revelation

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

51.8%

JSON

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.

Affected configurations

Nvd

Node

ibmnet.commerceMatch3.1.2

ibmwebsphere_application_serverMatch5.1.0.3

VendorProductVersionCPE
ibmnet.commerce3.1.2cpe:2.3:a:ibm:net.commerce:3.1.2:*:*:*:*:*:*:*
ibmwebsphere_application_server5.1.0.3cpe:2.3:a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	net.commerce	3.1.2	cpe:2.3:a:ibm:net.commerce:3.1.2:::::::*
ibm	websphere_application_server	5.1.0.3	cpe:2.3:a:ibm:websphere_application_server:5.1.0.3:::::::*

References

www.securityfocus.com/archive/1/176100

www.securityfocus.com/bid/2587

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

51.8%

JSON

Related for CVE-2001-0389